Using Technology to Protect Online Privacy: 2018 Year in Review

In terms of technical approaches to protecting user privacy online, 2018 has certainly seen its ups and downs.

On a positive note, we added a ton of new features to Privacy Badger, EFF’s anti-tracking browser extension for Firefox and Chrome. We started by revamping the experience for new users and ensuring Privacy Badger is effective right out of the box with pre-training. Unlike most tracker-blockers, Privacy Badger learns as you browse, and it doesn't send any information about your browsing activity back to EFF. This means that, in the past, Privacy Badger wouldn't begin blocking trackers for new users until after they'd browsed the web for a while. Now, thanks to a new learning regimen, fresh installs of Privacy Badger block most common trackers from the very start. Furthermore, Privacy Badger installations can now be preconfigured using managed storage, allowing administrators to set global defaults for their organizations.

Privacy Badger has also learned to block new kinds of tracking, including link tracking on Facebook, Twitter, and Google. Link tracking occurs when a first-party website, like Google, modifies the outgoing links from its site so that they report back to the company when you click to leave the page. This can be achieved with asynchronous requests made with JavaScript, or with "link shims" that redirect you through a Google domain before sending you to your final destination. Privacy Badger also now rewrites URLs on Facebook to remove the company's new "fbclid" tracking parameters.
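The two link rewrites described above, recovering the real destination from a link shim and dropping the "fbclid" parameter, sketched as an added example (this is not Privacy Badger's own code). The shim hosts, paths and parameter names in SHIMS are assumptions about commonly seen shim URL shapes, and the function names are hypothetical.

```javascript
// Added example, not Privacy Badger's code. The hosts, paths and query
// parameter names below are assumptions about common link-shim URL shapes.
const SHIMS = [
  { host: "l.facebook.com", path: "/l.php", params: ["u"] },
  { host: "lm.facebook.com", path: "/l.php", params: ["u"] },
  { host: "www.google.com", path: "/url", params: ["q", "url"] },
];
const TRACKING_PARAMS = ["fbclid"]; // the parameter named in the article

// Return the destination carried inside a link shim, or null if `url`
// is not a recognised shim or carries no usable destination.
function unwrapShim(url) {
  const shim = SHIMS.find((s) => s.host === url.hostname && s.path === url.pathname);
  if (!shim) return null;
  for (const name of shim.params) {
    const target = url.searchParams.get(name); // already percent-decoded
    if (!target) continue;
    try {
      const dest = new URL(target);
      // Accept web destinations only, so a shim cannot smuggle in
      // another scheme (javascript:, data:, ...).
      if (dest.protocol === "https:" || dest.protocol === "http:") return dest;
    } catch (e) { /* value was not an absolute URL */ }
  }
  return null;
}

// Rewrite one outgoing link: unwrap shims, then strip tracking parameters.
function cleanLink(href) {
  let url;
  try { url = new URL(href); } catch (e) { return href; } // leave unparseable links alone
  for (let i = 0; i < 3; i++) { // shims can be nested; bound the unwrapping
    const dest = unwrapShim(url);
    if (!dest) break;
    url = dest;
  }
  for (const p of TRACKING_PARAMS) {
    if (url.searchParams.has(p)) url.searchParams.delete(p);
  }
  return url.toString();
}
```

In an extension, a content script would apply cleanLink to each anchor's href before the click leaves the page. The asynchronous-request form of link tracking has to be blocked at the request level and is not covered here.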

On a sadder note, 2018 saw the end of the Do Not Track working group at the W3C, the body that sets standards for web technologies. Do Not Track was conceived as a browser-based signal which users could enable to opt out of tracking. The signal is sent with every request, making it persistent and universal. Although the mechanism is supported by all major browsers, it is not self-enforcing: sites have to decide how to respect it. This year, attempts at the W3C to reach a “grand compromise” between user advocates and the advertising industry failed after seven years.

The advent of the GDPR promised better protection for those covered by it at least. On paper, EU law prohibits tracking unless the user has opted in. In reality, users are being confronted with “consent management” pop-ups which enable “consent” with one click but erect an obstacle course for anyone who wants to refuse. Some sites, such as Facebook and Yahoo, simply deny access to users who don't agree, making a mockery of the idea of choice. For now, users in the EU face the annoyance of pop-ups without any meaningful privacy gains, so they too need to practice self-defense. In 2019, Data Protection Authorities will have to take action to eliminate these cynical strategies.

Other, smaller browsers have been on top of this for a while. Brave browser has blocked tracking since its initial release, and tracker-blocking is an optional feature users can enable in Opera. But the new features introduced by Firefox and Safari are bringing tracker blocking to the mass market. Microsoft (Internet Explorer) and Google (Chrome) are now clearly falling behind on user privacy, leaving us wondering if they will follow suit and take steps to protect their browsers' users, or if advertising interests will be given precedence.

Looking forward to 2019, we’re optimistic about the future. With the advent of the GDPR this year, we think browser fingerprinting companies will have to come clean about their practices. Browser fingerprinting is a technique in which websites gather bits of information about your visit–your time zone, set of installed fonts, language preferences, etc.–and combine these characteristics to form a unique fingerprint that identifies your browser. This allows remote sites to track your distinct browsing habits without using cookies, which are easy for users to block and remove. The GDPR unequivocally states that this kind of personal data collection and user tracking is not permitted to override the "fundamental rights and freedoms of the data subject, including privacy" and is, we believe, not permitted by the new European regulation.
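Why combining characteristics identifies a browser even when each one alone does not, as an added example (not code from EFF or any fingerprinting product). The eight visitors are constructed sample data, and the function names are hypothetical.

```javascript
// Constructed sample: eight visitors, each described by three of the
// characteristics the article lists. No single value is rare on its own.
const VISITORS = [
  { timezone: "UTC-8", language: "en-US", fonts: "Arial" },
  { timezone: "UTC-8", language: "en-US", fonts: "Arial,Helvetica" },
  { timezone: "UTC-8", language: "de-DE", fonts: "Arial" },
  { timezone: "UTC-8", language: "de-DE", fonts: "Arial,Helvetica" },
  { timezone: "UTC+1", language: "en-US", fonts: "Arial" },
  { timezone: "UTC+1", language: "en-US", fonts: "Arial,Helvetica" },
  { timezone: "UTC+1", language: "de-DE", fonts: "Arial" },
  { timezone: "UTC+1", language: "de-DE", fonts: "Arial,Helvetica" },
];

// Group visitors by the combined value of the chosen attributes.
// Each group is an "anonymity set": browsers that look identical.
function anonymitySets(visitors, attrs) {
  const sets = new Map();
  for (const v of visitors) {
    const key = JSON.stringify(attrs.map((a) => v[a]));
    sets.set(key, (sets.get(key) || 0) + 1);
  }
  return sets;
}

// How many visitors share their combination with nobody else.
function uniqueCount(visitors, attrs) {
  let n = 0;
  for (const size of anonymitySets(visitors, attrs).values()) {
    if (size === 1) n++;
  }
  return n;
}

// Shannon entropy (in bits) of the combined attributes: how much
// identifying information the combination reveals on average.
function entropyBits(visitors, attrs) {
  let h = 0;
  for (const size of anonymitySets(visitors, attrs).values()) {
    const p = size / visitors.length;
    h -= p * Math.log2(p);
  }
  return h;
}
```

On this sample, each attribute alone splits the visitors into two groups of four (1 bit), while all three together put every visitor in a group of one (3 bits), which is why reducing or standardizing the exposed attributes is the usual defense.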

With all that’s happened in the past year, it’s clear that the fight to protect user privacy isn’t ending any time soon. That’s why, in 2019, EFF is gearing up to fight even harder. We’ll be dedicating more software developers to our privacy-enhancing tech projects, and to do that, we need your support. Donate to EFF now to ensure that 2019 is the year we turn the tide on online privacy.

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2018.
